Feds Must Address Mobile Security, Experts Say

Federal government agencies must work on improving mobile device security, as people are increasingly attached to their devices and attackers can wield a variety of new threats that can expose agencies’ passwords, personal information and networks, industry officials said this week.

At FedInsider’s webinar on the full spectrum of mobile risks, participants discussed how phishing is one of the most common attacks on mobile devices.

“Tools that we taught individuals and companies to use in order to identify phishing don’t exist on a [mobile] device,” said Kiersten Todt, managing partner of Liberty Group Ventures and resident scholar at the University of Pittsburgh’s Institute for Cyber Law, Policy, and Security. “We tend to be less vigorous when it comes to our personal use.”

Todt noted how attackers have more avenues available to mount attacks on mobile devices. Instead of relying on email phishing, texting communication apps like Facebook Messenger and WhatsApp are promising avenues for phishers to get into a device.

With more work-related usage of mobile devices, agencies need to worry about mobile security in their deployments. “It’s going to be critical that [the Census Bureau’s] devices are protected because they are going to have personally identifiable information” on them, said Bob Stevens, vice president of Federal for Lookout, a mobile security software company.

Stevens also brought up the Department of Veterans Affairs (VA) and its use of apps as an example of how citizens can put their own data at risk. “There’s likely to be some personal information in there, so the VA really owes it to its constituents to ensure that device is secure before allowing them to be able to enter any type of data that could be damaging,” he said.

Federal agencies can take steps to improve their security, but first they need to acknowledge the problem. A Lookout survey found mobile device compromises in over 60 percent of those surveyed.

“While there’s not that broad acknowledgement on the challenges to mobile security, when you start going deep in to the agencies you see it as a prevalent problem,” said Todt. She also called for a strategic focus on mobile security from the top of government including in connection with national security strategy.

So what can agencies do to protect their devices now?

“We tend to think that mobile device management provides us security devices, and that’s actually not effective enough. Because of the multifaceted threats that are hitting phones, mobile threat protection is critical,” said Todt.

“We have a contract with DHS [Department of Homeland Security] to produce some unique features to government needs that can also be leveraged in the commercial space,” Stevens said, highlighting the use of the technology for protecting infrastructure.